Full Disclosure mailing list archives

Re: ICMP (was: daily internet traffic report)
From: Frank de Wit <frankdewit () home nl>
Date: Mon, 18 Oct 2004 18:54:00 +0200

please don't call me sir, that makes me old ;-)
the answer is 'no'
do I win a prize now?

Ron DuFresne wrote:


Question back at you sir; Does OS fingerprinting rely solely upon ICMP
leakage?  I'd thought I saw a number of papers that related to OS
detection from the eccentricities of TCP/IP stacks of the various OS',
like papers by Fyodor, documented in phrack, etc.


Ron DuFresne

On Sun, 17 Oct 2004, Frank de Wit wrote:

I thought I asked a question ; the answer 'yes' should have been
sufficient ;-)
Just joking, let's ask two other questions:
-when you read about ICMP fingerprinting (see Ofir Arkin's great articles)
-and you see tools like Xprobe and a lot of other OS-fingerprinting tools
I might be wrong, but:
a) do you still think ICMP is a good thing in relation to security (by
b) why would you need ICMP from the internet to your perimeter/DMZ-devices?

Hojje, Frank

Willem Koenings wrote:

are they?
do you remember 'firewalking'?

sorry, but firewalking is not an icmp-only technique and doesn't
use the full range of icmp types/codes.
by firewalking you use tcp or udp packets (depends, which
protocol acl you want to study) with a TTL one bigger than the
target and monitor results via icmp type 11.

if you are really afraid of firewalking, then instead of closing
down all icmp you can close down only type 11. and a nat
firewall protects you from firewalking anyway.

what do i want to say? blindly closing down things is the easiest
thing to do. but doing so you are not on top of the problem
and you don't control things. get down to the problem and fix
things. there's one too many black hole routers in the world
and availability is also a security attribute.

all the best,


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
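
An added example, not part of the original thread: a small detector for the firewalking pattern described above (TCP/UDP probes arriving at the perimeter with an almost-expired TTL, answered by outbound ICMP type 11). The log format, field names, thresholds and documentation-range addresses are assumptions constructed for this illustration.

```python
from collections import defaultdict

# Constructed perimeter log lines: direction proto src dst key=value...
SAMPLE_LOG = """\
in  tcp  198.51.100.7 192.0.2.10 dport=22 ttl=2
in  tcp  198.51.100.7 192.0.2.10 dport=25 ttl=2
out icmp 192.0.2.10 198.51.100.7 type=11 ttl=64
in  tcp  198.51.100.7 192.0.2.10 dport=80 ttl=2
out icmp 192.0.2.10 198.51.100.7 type=11 ttl=64
in  tcp  198.51.100.7 192.0.2.10 dport=443 ttl=2
in  tcp  203.0.113.5 192.0.2.10 dport=80 ttl=52
out icmp 192.0.2.10 203.0.113.5 type=3 ttl=64
in  udp  203.0.113.9 192.0.2.10 dport=33434 ttl=1
out icmp 192.0.2.1 203.0.113.9 type=11 ttl=64
""".splitlines()


def parse(line):
    """Split one log line into (direction, proto, src, dst, int fields)."""
    direction, proto, src, dst, *rest = line.split()
    fields = dict(kv.split("=", 1) for kv in rest)
    return direction, proto, src, dst, {k: int(v) for k, v in fields.items()}


def find_firewalk_sources(lines, low_ttl=2, min_ports=3):
    """Flag external sources that send low-TTL TCP/UDP packets to several
    ports and draw ICMP type 11 (time exceeded) replies back out.

    low_ttl and min_ports are assumed tuning values: a packet seen on the
    outside interface with TTL <= 2 expires one hop behind the gateway,
    and a single low-TTL port (e.g. one traceroute probe) is not flagged.
    """
    probes = defaultdict(set)    # src -> {(proto, dport), ...}
    replies = defaultdict(int)   # src -> outbound type 11 count
    for line in lines:
        direction, proto, src, dst, f = parse(line)
        if direction == "in" and proto in ("tcp", "udp") and f["ttl"] <= low_ttl:
            probes[src].add((proto, f["dport"]))
        elif direction == "out" and proto == "icmp" and f.get("type") == 11:
            if dst in probes:    # only count replies to a known prober
                replies[dst] += 1
    return {src: {"ports": sorted(ports), "type11_replies": replies[src]}
            for src, ports in probes.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    for src, info in find_firewalk_sources(SAMPLE_LOG).items():
        print(src, info)
```

A non-zero `type11_replies` count means type 11 is still leaving the perimeter toward the prober; with outbound type 11 filtered, as suggested in the thread, the probes would still be logged but the count would stay at zero.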
